There are various situations in which code needs to be downloaded with trust verification but the code is not an OLE Object. Such cases are not addressed by the current specification of the Internet Component Download mechanism. Solutions for these cases need to use the WinVerifyTrust mechanism directly, as detailed below:
- <A HREF> tag in HTML: It is possible in HTML to download and run .EXE files directly using the <A HREF> tag. The HTML parser uses URL Moniker directly to download this code, and it calls WinVerifyTrust to check validity.
- Scripts: scripting languages will need to define a mechanism for inserting certificates in the script (perhaps in special comments). Given such a mechanism, the WinVerifyTrust service will provide trust verification of any such scripts that are downloaded from the internet.
- Full applications, other: The existing Internet Component Download will not handle extremely complex download situations (e.g. download/install DOOM, register device drivers, reboot machine). Future releases will aim to allow hooking into the Component Download mechanism to provide more complicated setup routines.